The following descriptions summarize the TCP packet fields illustrated in Figure 1-9:

■ Source Port and Destination Port—Identifies points at which upper-layer source and destination processes receive TCP services (16 bits in length). Common destination ports include 23 for Telnet, 21 for FTP, and 20 for FTP data.

■ Sequence Number—Usually specifies the number assigned to the first byte of data in the current message. In the connection-establishment phase, this field can also identify an initial sequence number to be used in an upcoming transmission.

■ Acknowledgment Number—Contains the sequence number of the next byte of data that the sender of the packet expects to receive.

■ Data Offset—Indicates the number of 32-bit words in the TCP header.

■ Reserved—Remains reserved for future use.

■ Flags—Carries a variety of control information, including the SYN and ACK bits used for connection establishment and the FIN bit used for connection termination.

■ Window—Specifies the size of the sender's receive window (that is, the buffer space available for incoming data).

■ Checksum—Indicates whether the header was damaged in transit.

■ Urgent Pointer—Points to the first urgent data byte in the packet.

■ Options—Specifies various TCP options.

■ Data—Contains upper-layer information.

A number of mechanisms are used by TCP to ensure the reliable delivery of data, including the following:

■ Acknowledgments

■ Sequence numbering

NOTE The Flags field is critical in a TCP segment. The field's various options include the following:

■ URG (U) (Urgent)—Informs the other station that urgent data is being carried. The receiver will decide what to do with the data.

■ ACK (A) (Acknowledge)—Indicates that the packet is an acknowledgment of received data, and the acknowledgment number is valid.

■ PSH (P) (Push)—Informs the end station to send data to the application layer immediately.

■ RST (R) (Reset)—Resets an existing connection.

■ SYN (S) (Synchronize)—Initiates a connection. An acknowledgment or SYN-ACK is returned by the receiving station. Once this second segment is received, the initiating station can open the TCP session.

■ FIN (F) (Finished)—Indicates that the sender is finished sending data and terminates the session.
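The field layout and flag bits described above can be decoded directly from the bytes of a segment. The following Python parser is an added example, not part of the original text; the sample segment is constructed, borrowing the port, sequence, and acknowledgment values of the router's SYN-ACK reply in the Telnet example on this page, while the PC port (11001), window (4128), MSS option value (536), and zeroed checksum are assumptions.

```python
import struct

# The six flag bits, high to low, in the order the page lists them: U A P R S F
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header, then split options from data."""
    if len(segment) < 20:
        raise ValueError("truncated segment: fixed TCP header is 20 bytes")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12        # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"invalid data offset: {data_offset}")
    flags = off_flags & 0x3F             # low six bits; reserved bits ignored
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flag_bits": format(flags, "06b"),
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }

def build_sample_syn_ack() -> bytes:
    """Constructed sample: router (port 23) answering the PC with SYN-ACK."""
    off_flags = (6 << 12) | 0x12         # 6 words = 24-byte header; ACK + SYN
    fixed = struct.pack("!HHIIHHHH", 23, 11001, 3646349618, 14810533,
                        off_flags, 4128, 0, 0)   # checksum left at 0 (assumed)
    mss_option = struct.pack("!BBH", 2, 4, 536)  # kind 2, length 4, MSS value
    return fixed + mss_option

if __name__ == "__main__":
    for field, value in parse_tcp_header(build_sample_syn_ack()).items():
        print(f"{field:>10}: {value}")
```

The Data Offset check matters when parsing untrusted traffic: a value below 5 or one that points past the end of the segment marks a malformed header and is rejected before any options or data are sliced out.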

To best describe how TCP is set up and established, consider a Telnet request from a PC to a Cisco router and follow the flags, acknowledgments, sequence, and windowing options.

Figure 1-10 displays a typical Telnet session between a PC and a Cisco router. The PC initializes a Telnet request using destination port 23 and an initial sequence number.

[Figure 1-10: Telnet session between a PC and a Cisco router. Annotations recovered from the figure:]

Step 2: Router responds with its own sequence number, and acknowledges the segment by increasing the PC sequence number by one. Flags U A P R S F = 0 1 0 0 1 0. Source port is 23. Ack is 14810533. Its own sequence is 3646346918.

Step 6: Router acknowledges request.

Step 7: Router also tears down connection.

Note: It takes 3 or 4 TCP segments to open a Telnet session and 4 TCP segments to close it.

The following steps are then taken by TCP:

Step 1 A user on the PC initiates a Telnet session to the router.

The PC sends a request with the SYN bit set to 1.

The destination port number is 23 (Telnet). The PC also places an initial sequence number (in this case, random number 14810532) in the segment.

Step 2 The router responds with its own sequence number (such as 3646349618) and acknowledges (ACK) the segment sent by the PC. The ACK will be the next expected sequence number generated by the PC; in this example, the ACK is numbered 14810533.

Step 3 The PC sends a segment that acknowledges (ACK) the router's reply. The first three steps are commonly known as the TCP three-way handshake. It is possible for four packets to start a session if a parameter must be negotiated.

Step 4 Data is transferred. The window size can be adjusted according to the PC or the router. The window size, for example, might be four packets before an acknowledgment is required. The sender waits for an acknowledgment before sending the next four segments. The window size can change during a data transfer; this is commonly known as the sliding window. If, for example, a lot of bandwidth is available, the sender might resize the window to eight segments. Or the sender might resize the window to two segments during periods of high congestion. The ACK sent by the receiver is the next expected segment. This indicates that all previous segments have been received and reassembled. If any segment is lost during this phase, TCP can renegotiate the time waited before receiving the ACK and resend any lost segments.

Step 5 After the PC completes the data transfer, the Telnet session closes by sending a TCP segment with the FIN flag set to 1.

Step 6 The router acknowledges (ACK) the request.

Step 7 At this stage, the session is still open and the router could send data (this is known as TCP half close), but the router has no data to send and usually sends a segment with the FIN bit set to 1.

Step 8 The PC acknowledges the router's FIN request, and the Telnet session is closed. At any stage, the session can be terminated if either host sends a reset (RST flag in the TCP header); in this case, the session must be reestablished from scratch.
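The sequence and acknowledgment arithmetic in Steps 1 through 8 can be checked mechanically. The following Python sketch is an added example, not part of the original text: it replays the Telnet session with the initial sequence numbers from Steps 1 and 2, and verifies that every ACK equals the next byte expected from the peer. The 10-byte payload in the data phase and the tuple layout are assumptions made for the example.

```python
MOD = 2 ** 32  # sequence numbers are 32 bits wide and wrap around

def next_expected(seq, flags, payload_len):
    """Next byte the peer should acknowledge; SYN and FIN each use one number."""
    return (seq + payload_len + ("SYN" in flags) + ("FIN" in flags)) % MOD

def check_session(segments):
    """Return (n, problem) pairs for segments that break the numbering rules."""
    expected = {}  # host -> next sequence number expected from that host
    problems = []
    for n, (sender, flags, seq, ack, length) in enumerate(segments, 1):
        peer = "router" if sender == "pc" else "pc"
        if sender in expected and seq != expected[sender]:
            problems.append((n, f"seq {seq}, expected {expected[sender]}"))
        if "ACK" in flags and peer in expected and ack != expected[peer]:
            problems.append((n, f"ack {ack}, expected {expected[peer]}"))
        expected[sender] = next_expected(seq, flags, length)
    return problems

PC_ISN = 14810532      # from Step 1 on the page
RTR_ISN = 3646349618   # from Step 2 on the page
DATA_LEN = 10          # constructed payload size for the Step 4 data transfer

# (sender, flags, seq, ack, payload length) for each segment, constructed
TELNET_SESSION = [
    ("pc",     {"SYN"},        PC_ISN,                RTR_ISN * 0,            0),
    ("router", {"SYN", "ACK"}, RTR_ISN,               PC_ISN + 1,             0),
    ("pc",     {"ACK"},        PC_ISN + 1,            RTR_ISN + 1,            0),
    ("pc",     {"PSH", "ACK"}, PC_ISN + 1,            RTR_ISN + 1,            DATA_LEN),
    ("router", {"ACK"},        RTR_ISN + 1,           PC_ISN + 1 + DATA_LEN,  0),
    ("pc",     {"FIN", "ACK"}, PC_ISN + 1 + DATA_LEN, RTR_ISN + 1,            0),
    ("router", {"ACK"},        RTR_ISN + 1,           PC_ISN + 2 + DATA_LEN,  0),
    ("router", {"FIN", "ACK"}, RTR_ISN + 1,           PC_ISN + 2 + DATA_LEN,  0),
    ("pc",     {"ACK"},        PC_ISN + 2 + DATA_LEN, RTR_ISN + 2,            0),
]

if __name__ == "__main__":
    print(check_session(TELNET_SESSION) or "all sequence and ACK numbers consistent")
```

A segment whose ACK does not match the tracked value, such as a SYN-ACK that acknowledges 14810532 instead of 14810533, is reported with its position in the exchange.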

You need to know the TCP process and how packets are sequenced and acknowledged. TCP acknowledgments specify the next expected segment from a sender. A TCP session requires three or four segments to start (known as three-way handshake) and four segments to shut down.